SmartStateIndia
Special Story

When Ransomware-as-a-Service is trending, then it’s high time to shift gears in cybersecurity

RANSOMWARE

Organizations always aim to devise their security architecture that is ready to counter any type of cyber-threat. But when the threat actors devise a changing model to disrupt businesses and infrastructure, then to outsmart cybercriminals the organizations need to be ahead of the emerging tech adoption. In this article, we delve into the changing landscape and the trends that will shape up cybersecurity in 2022.

Do you remember, back in the late 2000’s how we were concerned about computer viruses would affect our desktop machines and laptops? Then things took a turn when internet penetration increased. And it, the Internet, became a pathway to many high-profile scams and the biggest online attacks we have ever seen. In this age of IoT, security and privacy have become a major concern for users. As work from home became more and more common for professionals around the globe, the number of threats is also on the rise.

RANSOMWARE – THE CAUSE OF PANIC

Ransomware is not a new term anymore, and has become a top global concern. The United States of America has announced the formation of a cybersecurity task force. It has also designated those who perpetrate ransomware attacks as terrorists, giving law enforcement agencies additional resources and stricter penalties when fighting cybercriminals. Even Interpol has raised the bar on combating ransomware. Other countries, including India, are doing the same. 

According to the recent Global Threat Landscape Report from FortiGuard Labs, ransomware incidents have increased nearly 1100% over the past twelve months. And in a new global ransomware survey conducted by Fortinet, an astonishing 67% of organizations report having been a ransomware target — with nearly half saying they had been targeted more than once and almost one in six saying they had been attacked three or more times.

The perimeter of any organization due to the pandemic that we are facing today has been forced to become more fragmented. This has led many organizations to transition from a simple cloud to a multi-cloud or a hybrid model. This cloud-based functioning has created a perfect environment for the cybercriminals to orchestrate attacks of unprecedented nature. To counter these kinds of attacks, if organizations adopt the ‘Fabric approach’, they can benefit from an integrated security platform that secures all assets on-premises, in the data center, and in the cloud or at the edge of the perimeter.

As technology is advancing at an exponential rate, organizations will need to plan ahead of time by leveraging the power of emerging technologies such as Artificial Intelligence (AI) and Machine Learning (ML) to speed threat prevention, detection, and response. By using advanced endpoint technologies such as endpoint detection and response (EDR) organizations will be able to identify malicious threats based on behavior. 

In addition to that, zero-trust network access (ZTNA) will be critical for securing the access of an organization’s internal applications. This is to extend the protections to mobile workers and learners. Apart from this, segmentation will remain a foundational strategy to restrict the lateral movement of cyber criminals inside a network. The speed at which these cyber-attacks are happening is huge and it keeps growing as and when we speak. Hence keeping breaches restricted to a smaller portion of the network looks feasible. Moreover, actionable and integrated threat intelligence can improve an organization’s ability to defend in real-time.

Chester Wisniewski, Principal Research Scientist of Sophos

According to Chester Wisniewski, Principal Research Scientist of Sophos, many organizations have indeed turned to more of a zero-trust approach rather than trusting remote users to access the whole LAN over a VPN. Zero-trust network access solutions limit the resources available to the remote employees, so that there is no unrestricted access to organization’s resources in case the remote employee’s system gets compromised. Cloud-managed software updates and security solutions also provide visibility into the security status of remote employees and ensure they stay patched and in a secure state.

Sundar Balasubramanian, Managing Director, India and SAARC, Check Point Software Technologies.

“Globally in 2021, 1 out of every 61 organisations was being impacted by ransomware each week. Despite the continued efforts of law enforcement to limit and stop the ransomware attacks globally, there has been no decrease in the attacks. Threat actors will target companies that can afford to pay a ransom, and ransomware attacks will become more sophisticated in 2022.” said Sundar Balasubramanian, Managing Director, India and SAARC, Check Point Software Technologies.

Mr. Sundar elaborates further, “Since supply chain attackers can take advantage of a lack of monitoring within an organization’s environment. It can be used to perform any type of cyber-attack, such as data breaches and malware infections. In 2021 the SolarWinds supply chain attack became famous due to its scale and influence, but there have been other supply chain attacks as well such as Codecov and Kaseya.”  The REvil ransomware gang exploited a zero-day vulnerability in Kaseya that compromised the company’s VSA product and affected more than 1,000 customers with the ransomware. The group demanded a ransom of USD 70 million to provide decryption keys for all affected customers.

SOCIAL ENGINEERING ATTACK

Social engineering attacks have become a major threat across the globe. In recent times there was a social engineering attack on Iranian citizens that stole billions of Rial from them. A social engineering attack is about motivating users or psychologically manipulating users to make security mistakes, or to leak out secret information unknowingly.

Kartik Shahani, Country Manager, Tenable IndiaEarlier attackers used the subjects that were in the news as social engineering lures. But as more and more people started getting aware of the hacks, attackers are finding new ways to execute their attacks. From opportunistic phishers to scheming nation-state actors, cyber adversaries have found multiple ways to exploit the networks. And the global pandemic has favoured them at an enormous scale. This includes phishing and business email compromise schemes, nation-state-backed campaigns, and ransomware attacks. The attackers worked to maximize the global nature of the pandemic that affected everyone around the world. Atop of it, they also got an expanded digital attack surface as office-goers were forced to work from home. According to Kartik Shahani, Country Manager, Tenable India, phishing attacks are at an all-time high. These kinds of attacks  were the most common attack vector that the cyber criminals used in 2021.

WORK FROM HOME

For the attackers, shift to remote work was an unprecedented opportunity to target unsuspecting individuals in multiple ways. For example, web-based malware used in phishing campaigns outranked the more traditional email delivery vector earlier this year. This demonstrates the attempt of cyber criminals to target their attacks when individuals are the most vulnerable and gullible, i.e. browsing the Internet at home. Web browsers, not just devices, are also a prime target for the cyber criminals, as they targeted remote workers during the pandemic.

Fortinet-Rajesh-Maurya
Rajesh Maurya, Regional Vice President, India & SAARC, Fortinet.

“In the first half of 2020, exploit attempts against several consumer-grade routers and IoT devices were at the top of the list for IPS detections. In addition, Mirai and Ghost dominated the most prevalent botnet detections, driven by an apparent growing interest of attackers targeting old and new vulnerabilities in the IoT landscape. These trends are noteworthy because it demonstrates how the network perimeter has extended to the home with cyber criminals seeking to gain a foothold in enterprise networks by exploiting devices that remote workers might use to connect to their organizations’ networks.” said Rajesh Maurya, Regional Vice President, India & SAARC, Fortinet.

Commenting on the technologies to counter the growing cyber threats Mr. Maurya said, “FortiGuard Labs had predicted that AI will begin to be leveraged by cyber criminals to enhance their malicious activities. Artificial Intelligence (AI) is already used defensively to detect unusual IoT behaviour that may indicate an attack, usually by botnets. And now, cyberattackers are leveraging AI to thwart the complicated algorithms used to detect that abnormal activity.”

Deep fakes are a growing concern for the organisations and government agencies as well.  As they leverage AI to mimic human activities and can be used to enhance social engineering attacks. One such AI-based system is GPT-3 (Generative Pre-trained Transformer) that uses deep language learning to produce convincing emails. With it, attackers can leverage hijacked emails by compromising mail servers or running man-in-the-middle attacks to generate emails and email replies that mimic the writing style, word choice, and tone of the person being impersonated, such as a manager or executive, even making references to previous correspondences.

Writing is just the start. There are already software tools designed to clone someone’s voice, with others in development. A vocal fingerprint of someone can be created using just a few seconds of audio and then generate arbitrary speech in real time. Elaborating on how vocal fingerprinting is still in initial development, Mr Maurya suggested, “This type of AI-enabled deep-fake will become problematic. As a central processing unit (CPU) or graphics processing unit (GPU) performance becomes more powerful (and cheaper). The bar to creating these deepfakes will also be lowered through the commercialization of advanced applications. These could eventually lead to real-time impersonations over voice and video applications that could pass biometric analysis. The possibilities are endless, including the elimination of voiceprints as a form of authentication.”

An open-source tool called Counterfit has just been released to pen test AI systems such as face recognition, image recognition, and fraud detection, etc., to ensure that the algorithms being used are trustworthy.

SECURING THE ROAD AHEAD

In the near future supply chain attacks will become more common. And governments will begin to establish regulations to address these attacks and protect networks. The government will also look into collaborating with the private sectors as well as other countries. This will help governments to identify and target more threat groups operating on a global and regional scale.

No IT solution is completely robust, and there may be some vulnerabilities. For organizations to prepare for such zero-day vulnerability exploits Mr. Sundar Balasubramanian said, “A unified security platform is essential to preventing zero-day attacks. A single solution with visibility and control across an organization’s entire IT ecosystem has the context and insight required to identify a distributed cyberattack. Additionally, the ability to perform coordinated, automated responses across an organization’s entire infrastructure is essential to preventing fast-paced zero-day attack campaigns.”

Experts suggest that organisations across all sectors must partner together and share data. This would enable a more effective response against any future attacks. It will help organisations predict future techniques to deter adversary efforts. Additionally, aligning forces through collaboration should remain a priority for the organizations to disrupt cybercriminal supply chain efforts before they attempt to exploit the same.

Tenable Karthik Shahani
Kartik Shahani, Country Manager, Tenable India

“In 2021, ransomware-as-a-service (RaaS) emerged as the biggest threat, making organizations cautious. In 2022, RaaS operators will become more selective about their targets, weighing whether the risk of getting caught is worth the reward. So far, we’ve seen organizations trying to outsmart cybercriminals,” said Kartik Shahani, Country Manager of Tenable India. He further said, “What we really need is a more nuanced approach to tackle the problem and prevent these attacks from being worthwhile. Organizations will have to focus their efforts on staying one step ahead and making it more expensive for cybercriminals to perpetrate attacks. If the reward is lower than the risk, threat actors can be dissuaded from launching cyber attacks.” 

Mr. Shahani predicts that in 2022, cybercriminals will continue to leverage vulnerabilities arising out of remote work because all it takes is one employee to fall prey to phishing emails to compromise the corporate network.

It’s true that online attacks have increased in numbers and will be increasing as the time passes by. In future hackers will leverage newer technology to attack the enterprises/organizations. And we might see social engineering attacks increasing. As new enterprises are growing and enhancing their network security, it has become difficult for the hackers/attackers to do their task. But as we live in a one connected world, the enterprises should come together as one entity and fight against these unworldly elements.

References: (Click here for more information on FortiGuard’s Cyber Threat Predictions for 2022)

Related posts

Unveiling Tomorrow: National Startup Day 2024 Sets the Stage for Innovative Ventures

SSI Bureau

Cybersecurity Threats and Best Practices To Avoid Them

SSI Bureau

What is 5G and What Does it Mean for Cybersecurity?

SSI Bureau

79 comments

Lehwfb March 8, 2024 at 11:16 pm

atorvastatin online order atorvastatin 20mg cost atorvastatin 80mg price

Reply
Hbvyjw March 18, 2024 at 2:33 pm

buy ciprofloxacin generic – where to buy ciplox without a prescription erythromycin pills

Reply
Xjlevn March 20, 2024 at 6:02 pm

stromectol 3 mg tablet – sumycin medication buy generic sumycin 250mg

Reply
Brpaud March 26, 2024 at 1:44 pm

buy glucophage 1000mg generic – cheap duricef lincocin without prescription

Reply
Geaavd March 29, 2024 at 12:01 am

buy clozaril generic – buy generic clozapine 100mg order pepcid 40mg sale

Reply
Cpjtqp March 29, 2024 at 6:45 pm

quetiapine 100mg oral – buy fluvoxamine pills eskalith without prescription

Reply
Yuteqm March 31, 2024 at 5:40 pm

order atarax without prescription – order generic hydroxyzine endep 10mg drug

Reply
Ypdspd March 31, 2024 at 6:20 pm

order anafranil 50mg – oral amoxapine 50mg brand doxepin 25mg

Reply
Zwgwgi April 9, 2024 at 5:42 pm

buy clindamycin cheap – buy cleocin 150mg pill cost chloromycetin

Reply
Oxzwfo April 13, 2024 at 8:53 am

ventolin without prescription – order generic phenergan buy theo-24 Cr pills

Reply
Ctcpwd April 13, 2024 at 1:03 pm

ivermectin generic – buy levaquin 500mg without prescription cefaclor 500mg uk

Reply
Jaxhwo April 15, 2024 at 6:13 pm

buy desloratadine pills for sale – purchase albuterol generic albuterol inhalator over the counter

Reply
Ddcgft April 16, 2024 at 2:12 pm

buy cheap generic methylprednisolone – buy generic azelastine 10ml order azelastine 10 ml online

Reply
Nfjhyc April 17, 2024 at 5:54 pm

glyburide 5mg for sale – generic micronase 5mg dapagliflozin 10 mg drug

Reply
Vuebfk April 19, 2024 at 6:38 pm

prandin generic – buy generic repaglinide for sale purchase jardiance generic

Reply
Lamaoz April 20, 2024 at 6:02 pm

buy metformin generic – buy metformin 500mg pills buy precose 50mg generic

Reply
Nawjfk April 23, 2024 at 4:45 pm

buy semaglutide 14mg – buy semaglutide generic buy generic desmopressin over the counter

Reply
Qrislw April 24, 2024 at 3:18 pm

nizoral drug – sporanox online buy sporanox

Reply
Htmgax April 26, 2024 at 4:45 pm

buy lanoxin 250 mg sale – order dipyridamole 100mg pill buy lasix online cheap

Reply
Fzvgsb April 26, 2024 at 6:39 pm

famvir price – order valcivir without prescription valaciclovir 1000mg generic

Reply
Urxvbq April 28, 2024 at 6:54 pm

cost microzide 25 mg – cheap norvasc 5mg buy bisoprolol 5mg for sale

Reply
Gbuknl April 29, 2024 at 10:08 pm

buy metoprolol online cheap – order generic micardis nifedipine 30mg generic

Reply
Fxwini April 30, 2024 at 6:37 pm

buy nitroglycerin online – buy valsartan 80mg generic buy valsartan 80mg sale

Reply
Wikcrx May 3, 2024 at 10:22 am

crestor peeve – ezetimibe buy connection caduet buy marriage

Reply
Dzykow May 20, 2024 at 6:13 am

acne medication coast – acne medication respect acne medication reflection

Reply
Qarrnt May 21, 2024 at 7:45 am

asthma medication young – inhalers for asthma brilliant asthma medication absolute

Reply
Derfjs May 22, 2024 at 2:32 am

uti antibiotics exclaim – uti antibiotics jump uti treatment channel

Reply
Pyxnlu May 23, 2024 at 3:59 am

pills for treat prostatitis stone – prostatitis treatment stair prostatitis treatment top

Reply
Iscjme May 25, 2024 at 11:36 pm

claritin unexpected – claritin pills reasonable loratadine armor

Reply
Dqfoyc May 27, 2024 at 9:51 pm

claritin pills capital – claritin pills highest claritin pills expression

Reply
Iuncgb May 30, 2024 at 8:53 pm

promethazine hark – promethazine swing promethazine chew

Reply
Ivzbyj June 6, 2024 at 6:07 pm

generic dulcolax – order liv52 20mg for sale buy liv52 without prescription

Reply
Jhyegt June 7, 2024 at 12:33 pm

rabeprazole cost – purchase maxolon generic order domperidone sale

Reply
Kasrqk June 9, 2024 at 8:03 am

buy bactrim 480mg online cheap – buy bactrim 480mg without prescription tobramycin usa

Reply
Tviaxh June 10, 2024 at 10:22 am

zovirax uk – order duphaston without prescription duphaston 10 mg cheap

Reply
Hpoydi June 11, 2024 at 9:40 am

order forxiga online cheap – order forxiga generic precose 25mg usa

Reply
Fpkzzj June 12, 2024 at 11:58 am

fulvicin 250mg us – where can i buy lopid lopid ca

Reply
Jlmvwr June 13, 2024 at 8:48 pm

cost vasotec – doxazosin 1mg canada buy latanoprost no prescription

Reply
Mqkvnu June 14, 2024 at 10:17 am

order dramamine 50mg online cheap – how to get dimenhydrinate without a prescription order risedronate 35 mg online

Reply
Qfznis June 16, 2024 at 7:19 am

feldene order – rivastigmine 6mg over the counter buy exelon generic

Reply
Cziszv June 16, 2024 at 10:47 am

purchase monograph pills – buy cheap monograph order generic pletal

Reply
Xxvbda June 26, 2024 at 1:58 pm

purchase nootropil online – biltricide usa sinemet online

Reply
Qrgbeq June 27, 2024 at 5:35 am

cheap hydroxyurea – purchase trecator sc online cheap methocarbamol online

Reply
Averyt June 29, 2024 at 2:50 am

What a great read! The humor was a nice touch. For further details, click here: READ MORE. Let’s chat about it!

Reply
Sqylbf June 30, 2024 at 6:47 pm

buy generic norpace – buy epivir 100 mg generic buy thorazine 100mg online

Reply
Pibqap July 2, 2024 at 8:18 pm

where can i buy cyclophosphamide – order vastarel generic vastarel online order

Reply
Mdcgrh July 3, 2024 at 8:41 pm

aldactone 25mg sale – buy phenytoin 100mg revia brand

Reply
Wddoak July 7, 2024 at 7:12 pm

zofran for sale online – order oxybutynin sale ropinirole pills

Reply
Vtauzs July 10, 2024 at 3:12 am

brand ascorbic acid 500 mg – cheap lopinavir ritonavir tablets purchase compro generic

Reply
Gyjfjv July 10, 2024 at 7:56 pm

order durex gel online – order durex gel sale cost latanoprost

Reply
Lyccvq July 14, 2024 at 7:38 pm

arava 20mg canada – cost actonel 35mg cheap cartidin

Reply
Lagzei July 15, 2024 at 2:57 am

order rogaine online cheap – buy cheap generic dutas order generic proscar 1mg

Reply
Jhadrk July 16, 2024 at 6:14 pm

buy tenormin 50mg generic – buy atenolol without prescription carvedilol 25mg price

Reply
Rafjuu July 18, 2024 at 7:05 pm

atorlip tablets – nebivolol sale buy nebivolol 5mg pill

Reply
Uqfniq July 21, 2024 at 5:57 am

buy lasuna tablets – himcolin canada himcolin pills

Reply
Ofqlkj July 25, 2024 at 4:17 pm

norfloxacin online buy – purchase flutamide for sale where to buy confido without a prescription

Reply
Ehkcft July 26, 2024 at 5:35 am

cheap speman pill – finasteride without prescription buy finasteride generic

Reply
Hnmcce July 29, 2024 at 3:04 pm

cheap finax sale – cheap finax for sale uroxatral 10 mg pill

Reply
Oguiiq August 8, 2024 at 3:31 pm

buy generic trileptal – order pirfenidone generic buy generic levoxyl

Reply
Qjktva August 10, 2024 at 9:48 pm

duphalac order – generic brahmi buy betahistine online cheap

Reply
Ejyoir August 14, 2024 at 7:49 am

cyclosporine price – buy imusporin sale buy colcrys pills for sale

Reply
Qzgmza August 18, 2024 at 9:14 am

order generic calcort – alphagan price brimonidine price

Reply
SandraLew August 19, 2024 at 6:03 pm

gummies for sleep have been a game-changer for me! They’re opportune, shattered, and a passionate direction to from the benefits of CBD discreetly. I’ve ground that they employees me unwind after a big lifetime and parallel with put my drop quality. Together with, wily definitely how much CBD I’m getting in each gummy makes it undemanding to preside over my dosage. If you’re curious involving maddening CBD, gummies are a great starting point. Just be sure to judge a well-thought-of maker with high-quality ingredients for the treatment of the best knowledge!

Reply
SandraLew August 19, 2024 at 9:50 pm

cbd gummies for sleep have been a game-changer as a remedy for me! They’re convenient, mouth-watering, and a passionate personality to get off on the benefits of CBD discreetly. I’ve ground that they aid me unwind after a fancy lifetime and to ground my catch quality. Plus, shrewd accurately how much CBD I’m getting in each gummy makes it undemanding to manage my dosage. If you’re irregular forth maddening CBD, gummies are a gifted starting point. Honourable be sure to on a reliable maker with high-quality ingredients after the best bib experience!

Reply
Euhjde August 22, 2024 at 4:10 am

buy besifloxacin eye drops for sale – sildamax pill buy cheap sildamax

Reply
Wsnpuj August 26, 2024 at 9:21 am

cost benemid 500 mg – probalan usa tegretol 400mg over the counter

Reply
Yuusgb August 30, 2024 at 12:27 am

buy celecoxib tablets – buy indomethacin 75mg sale order indomethacin online cheap

Reply
Hfvdem August 31, 2024 at 12:29 pm

buy colospa – colospa online buy order pletal 100mg

Reply
Ycqbuh September 9, 2024 at 11:12 am

cost rumalaya – elavil 50mg for sale order endep online cheap

Reply
Khhdwl September 12, 2024 at 6:36 pm

pyridostigmine 60mg uk – purchase mestinon generic order azathioprine online

Reply
Qzwiri September 16, 2024 at 8:41 am

voveran order online – buy nimodipine pill buy nimotop online cheap

Reply
Srbets September 22, 2024 at 5:03 am

meloxicam cheap – order generic mobic 15mg where to buy ketorolac without a prescription

Reply
Djhqjh September 24, 2024 at 4:28 am

cyproheptadine brand – buy tizanidine tablets order tizanidine generic

Reply
Mcpapn September 28, 2024 at 12:05 am

trihexyphenidyl without prescription – buy emulgel online cheap order cheap diclofenac gel

Reply
Ywvtmk October 1, 2024 at 6:23 am

buy generic omnicef – buy cleocin for sale cost clindamycin

Reply
Kovogr October 2, 2024 at 11:53 pm

order isotretinoin 10mg sale – buy generic avlosulfon for sale order deltasone online cheap

Reply
Pyeswb October 7, 2024 at 8:03 pm

oral permethrin – benzac oral tretinoin price

Reply
Yzuulm October 11, 2024 at 6:33 am

betnovate 20gm us – betamethasone 20gm cream generic benoquin

Reply
Aephqf October 12, 2024 at 10:24 am

cost flagyl 400mg – buy cheap generic metronidazole cenforce pills

Reply

Leave a Comment

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More